LogMan.io Alerts Configuration

LogMan.io Alerts has the following dependencies:

  • Apache ZooKeeper
  • NGINX (for production deployments)
  • Apache Kafka
  • MongoDB
  • Elasticsearch
  • TeskaLabs SeaCat Auth
  • LogMan.io Library with /Alerts and /Schemas folders

Model

To start the application, include it in the model and click the Apply button.

/Site/model.yaml
define:
  type: rc/model

services:
  lmio-alerts:
    - <node>  # Replace with name of the node

Example

This example is the most basic configuration required for LogMan.io Alerts:

[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181

[library]
providers=zk:///library

[kafka]
bootstrap_servers=kafka-1:9092,kafka-2:9092,kafka-3:9092

[elasticsearch]
url=http://es01:9200/

[asab:storage]
mongodb_uri=mongodb://mongodb1,mongodb2,mongodb3/?replicaSet=rs0

[auth]
multitenancy=yes
public_keys_url=http://localhost:8081/openidconnect/public_keys

[tenants]
tenant_url=http://localhost:8081/tenant

ZooKeeper

Specify the locations of the ZooKeeper servers in the cluster.

[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181

Hint

For non-production deployments, it is sufficient to use a single ZooKeeper server.

Library

Specify the path(s) to the Library from which to load workflow declarations and tenant schemas.

[library]
providers=zk:///library

Hint

Since workflows are always located in /Alerts/Workflow, consider using the LogMan.io Common Library.

Hint

Since the ECS.yaml schema in /Schemas is utilized by default, consider using the LogMan.io Common Library.

Kafka

Specify bootstrap servers of the Kafka cluster.

[kafka]
bootstrap_servers=kafka-1:9092,kafka-2:9092,kafka-3:9092

Hint

For non-production deployments, it is sufficient to use a single Kafka server.

Elasticsearch

Specify URLs of Elasticsearch master nodes.

Elasticsearch is used to load events associated with a ticket.

[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD

MongoDB

Specify the URL of the MongoDB cluster with replica set.

Tickets are stored in MongoDB.

[asab:storage]
type=mongodb
mongodb_uri=mongodb://mongodb1,mongodb2,mongodb3/?replicaSet=rs0

Auth

The Auth section ensures that users can access only their own assigned tenants to set up alerts.

It supports multitenancy and checks for the resources specified in workflow declarations.

[auth]
multitenancy=yes
public_keys_url=http://localhost:8081/openidconnect/public_keys

Tenant

The Tenants section ensures that the list of available tenants can be read.

[tenants]
tenant_url=http://localhost:8081/tenant

Input

The Alerts microservice contains a Kafka interface that reads incoming signals from a dedicated lmio-signals topic.

The topic name or the group ID can be changed using:

[kafka:signals]
topic=lmio-signals
group_id=lmio-alerts

Note

Changing the input topic is discouraged to avoid unnecessary complications.

Web APIs

Alerts provides one web API.

The web API is designed for communication with the UI.

[web]
listen=0.0.0.0 8953

The default port of the public web API is tcp/8953.

This port is designed to serve as the NGINX upstream for connections from collectors.
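
A pre-deployment check for the settings described on this page, as an added example that is not part of LogMan.io: it verifies that the sections from the basic configuration are present and flags Elasticsearch credentials paired with an http:// URL, auth and tenant URLs that use plain HTTP to a non-loopback host, and a web listener bound to all interfaces. The function names, the sample configuration and the choice of checks are assumptions of this example.

```python
import configparser
from urllib.parse import urlsplit

# Sections present in the page's "most basic configuration" example.
REQUIRED = "zookeeper library kafka elasticsearch asab:storage auth tenants".split()
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def plain_http_remote(url):
    """True if the URL is unencrypted HTTP to a non-loopback host."""
    parts = urlsplit(url)
    return parts.scheme == "http" and parts.hostname not in LOOPBACK

def review_config(text):
    """Return review findings for a LogMan.io Alerts configuration given as text."""
    cfg = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cfg.read_string(text)
    findings = [f"missing required section [{s}]" for s in REQUIRED
                if not cfg.has_section(s)]
    es = cfg["elasticsearch"] if cfg.has_section("elasticsearch") else {}
    if es.get("password") and plain_http_remote(es.get("url", "")):
        findings.append("[elasticsearch] credentials configured with a plain http:// URL")
    for section, key in (("auth", "public_keys_url"), ("tenants", "tenant_url")):
        if plain_http_remote(cfg.get(section, key, fallback="")):
            findings.append(f"[{section}] {key} uses plain http:// to a remote host")
    if cfg.get("web", "listen", fallback="").startswith("0.0.0.0"):
        findings.append("[web] listen binds all interfaces; limit access to NGINX")
    return findings

# Constructed sample: settings from the page with [tenants] left out.
SAMPLE = """
[zookeeper]
servers=zookeeper-1:2181
[library]
providers=zk:///library
[kafka]
bootstrap_servers=kafka-1:9092
[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD
[asab:storage]
mongodb_uri=mongodb://mongodb1/?replicaSet=rs0
[auth]
public_keys_url=http://localhost:8081/openidconnect/public_keys
[web]
listen=0.0.0.0 8953
"""

if __name__ == "__main__":
    print("\n".join(review_config(SAMPLE)))
```
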